newrelic / helm-charts

Helm charts for New Relic applications
Apache License 2.0

Modify Synthetics Job Manager Containers to Support Non-Root Execution #1347

Open asafarian opened 4 months ago

asafarian commented 4 months ago

Description

We have observed that the New Relic Synthetics job manager images are configured to run as the root user. This configuration leads to compatibility issues in environments like OpenShift, which, by default, restricts running containers as root to enhance security. This restriction requires the application to run with privileged permissions, which is not ideal from a security standpoint.

Acceptance Criteria

Describe Alternatives

We have considered using OpenShift's anyuid Security Context Constraint to allow the containers to run as root; however, this approach is not recommended due to security risks. An alternative could be to refactor the application to avoid the necessity of root privileges entirely, which would comply with best practices for container security.

Dependencies

This change will affect the deployment and operational teams responsible for managing the New Relic Synthetics job manager images.

Additional context

The use of non-root containers is a common practice to enhance security in containerized environments. Adapting our images to support running as a non-root user aligns with industry security standards and best practices, thus improving our compatibility with more secure and restricted environments like OpenShift.

Estimates

Given the scope of testing and documentation updates required, this task is estimated to be a Medium (M) effort, corresponding to 3-5 days of work.

workato-integration[bot] commented 4 months ago

https://new-relic.atlassian.net/browse/NR-262792

asafarian commented 3 months ago

Any news here?

nedl86 commented 2 months ago

Hi @asafarian, I'm in the Solutions Consulting team at New Relic. Thanks for your patience while our Product team reviews this. Would you be open to a quick discussion about this request? If so, please reach out to me at: nlidbury [at] newrelic [dot] com